Säkerhetsbulletin från Debian
DSA-122-1 zlib -- malloc-fel (dubbel frigörning)
- Rapporterat den:
- 2002-03-11
- Berörda paket:
- zlib
- Sårbara:
- Ja
- Referenser i säkerhetsdatabaser:
- I Mitres CVE-förteckning: CVE-2002-0059.
- Ytterligare information:
-
Komprimeringsbiblioteket zlib har ett fel som gör att det försöker frigöra minne mer än en gång under vissa omständigheter. Detta kan potentiellt utnyttjas för att köra godtycklig kod i program som innehåller zlib. Om ett nätverksprogram kört som root är länkat mot zlib kan detta potentiellt leda till att root-kontot kan komprometteras utifrån. Det finns inga kända sätt att utnyttja detta för närvarande. Denna sårbarhet har tilldelats CVE-kandidatnamnet CAN-2002-0059.
Sårbarheten i zlib är rättad i Debians zlib-paket av version 1.1.3-5.1. Ett antal program länkar antingen statiskt mot zlib eller innehåller en egen upplaga av zlib-koden. Dessa program måste också uppgraderas för att eliminera zlib-sårbarheten. De påverkade paketen och de versioner felet är rättat i följer:
- amaya 2.4-1potato1
- dictd 1.4.9-9potato1
- erlang 49.1-10.1
- freeamp 2.0.6-2.1
- mirrordir 0.10.48-2.1
- ppp 2.3.11-1.5
- rsync 2.3.2-1.6
- vrweb 1.5-5.1
De som använder förhandsversioner (uttestning) av Debian bör uppgradera till zlib 1.1.3-19.1 eller en sneare version. Observera att då denna version av Debian ännu inte har släppts är den kanske inte omedelbart tillgänglig för alla arkitekturer. Debian 2.2 (potato) är den senaste stödda utgåvan.
Vi rekommenderar att du uppgraderar dina paket omedelbart. Observera att du bör starta om alla program som använder det delade zlib-biblioteket för att rättelsen skall träda i kraft. Detta görs enklast genom att starta om systemet.
- Rättat i:
-
Debian GNU/Linux 2.2 (potato)
- Källkod:
- http://security.debian.org/dists/stable/updates/main/source/amaya_2.4-1potato1.diff.gz
MD5 checksum: 8b7e02c4e32b5af668eb546d71170620- http://security.debian.org/dists/stable/updates/main/source/amaya_2.4-1potato1.dsc
MD5 checksum: 26451580b96e586120f8edb57ae07855- http://security.debian.org/dists/stable/updates/main/source/dictd_1.4.9-9potato1.diff.gz
MD5 checksum: c6e6bdcc444124e7a12ef924cfd4e94f- http://security.debian.org/dists/stable/updates/main/source/dictd_1.4.9-9potato1.dsc
MD5 checksum: d39c2bd83ed1178e441c55be2d4ca980- http://security.debian.org/dists/stable/updates/main/source/erlang_49.1-10.1.diff.gz
MD5 checksum: 4c9594e4e9ecd32f932ef1c441e1926a- http://security.debian.org/dists/stable/updates/main/source/erlang_49.1-10.1.dsc
MD5 checksum: 48b631745b1ddfe02be7dc06e9695fa2- http://security.debian.org/dists/stable/updates/main/source/freeamp_2.0.6-2.1.diff.gz
MD5 checksum: 5c356b5999d62763343c930c6c1d5aa2- http://security.debian.org/dists/stable/updates/main/source/freeamp_2.0.6-2.1.dsc
MD5 checksum: 5bd1fbceb6a810da65aec534cf3a3234- http://security.debian.org/dists/stable/updates/main/source/mirrordir_0.10.48-2.1.diff.gz
MD5 checksum: 839961cc3ed655757c1c802fd03efd56- http://security.debian.org/dists/stable/updates/main/source/mirrordir_0.10.48-2.1.dsc
MD5 checksum: cb1c985cd95a9f59a517e14e24d2a7e8- http://security.debian.org/dists/stable/updates/main/source/ppp_2.3.11-1.5.diff.gz
MD5 checksum: 3a1cf6315b17f2f83d5aea971d8e468d- http://security.debian.org/dists/stable/updates/main/source/ppp_2.3.11-1.5.dsc
MD5 checksum: 75a5827497f1d4c23aaad79358723079- http://security.debian.org/dists/stable/updates/main/source/rsync_2.3.2-1.6.diff.gz
MD5 checksum: f6db414ebdbad942698243dd9b5068d7- http://security.debian.org/dists/stable/updates/main/source/rsync_2.3.2-1.6.dsc
MD5 checksum: 32bf6c8c200f3efbf7ee5b3016ce512a- http://security.debian.org/dists/stable/updates/main/source/vrweb_1.5-5.1.diff.gz
MD5 checksum: 85be86d09c96de9f1b6672ec172700cd- http://security.debian.org/dists/stable/updates/main/source/vrweb_1.5-5.1.dsc
MD5 checksum: e87bcdec444fb501a38a6cd917bf1428- http://security.debian.org/dists/stable/updates/main/source/zlib_1.1.3-5.1.diff.gz
MD5 checksum: 6ab5b82c42f9455d8126afe111a0020d- http://security.debian.org/dists/stable/updates/main/source/zlib_1.1.3-5.1.dsc
MD5 checksum: 68a4a7329b43a42d695ef1d57c483113 - http://security.debian.org/dists/stable/updates/main/source/amaya_2.4-1potato1.dsc
- Arkitekturoberoende komponent:
- http://security.debian.org/dists/stable/updates/main/binary-all/erlang-base_49.1-10.1_all.deb
MD5 checksum: 8c9400db85a52e19b979bba867ad1ecd- http://security.debian.org/dists/stable/updates/main/binary-all/erlang-erl_49.1-10.1_all.deb
MD5 checksum: 65e8b03fb8e56695d1367a5dc6747a45- http://security.debian.org/dists/stable/updates/main/binary-all/erlang-java_49.1-10.1_all.deb
MD5 checksum: 74c2d0ac9fb9c0d27c59610317256d1e- http://security.debian.org/dists/stable/updates/main/binary-all/freeamp-doc_2.0.6-2.1_all.deb
MD5 checksum: 8e434427d2962da24852bdbf8504d916 - http://security.debian.org/dists/stable/updates/main/binary-all/erlang-erl_49.1-10.1_all.deb
- Alpha: Fixed erlang and freeamp packages are not yet available.
- http://security.debian.org/dists/stable/updates/main/binary-alpha/amaya_2.4-1potato1_alpha.deb
MD5 checksum: 103e503b9cdea75b1b1180184f09ee06- http://security.debian.org/dists/stable/updates/main/binary-alpha/dict_1.4.9-9potato1_alpha.deb
MD5 checksum: 587a8fad2ea2ea65ac9136034121d763- http://security.debian.org/dists/stable/updates/main/binary-alpha/dictd_1.4.9-9potato1_alpha.deb
MD5 checksum: 392faaa8797b42039f710a197a449eeb- http://security.debian.org/dists/stable/updates/main/binary-alpha/mirrordir_0.10.48-2.1_alpha.deb
MD5 checksum: 864abf2f06ca92b59519eb68ac7792fe- http://security.debian.org/dists/stable/updates/main/binary-alpha/ppp_2.3.11-1.5_alpha.deb
MD5 checksum: 25437980d4ab9d19a7867362eeb5223e- http://security.debian.org/dists/stable/updates/main/binary-alpha/rsync_2.3.2-1.6_alpha.deb
MD5 checksum: 89b44c524f87976d50527e740a6568e1- http://security.debian.org/dists/stable/updates/main/binary-alpha/vrweb_1.5-5.1_alpha.deb
MD5 checksum: 0f1787afbf74aac8dbd1838116682477- http://security.debian.org/dists/stable/updates/main/binary-alpha/zlib-bin_1.1.3-5.1_alpha.deb
MD5 checksum: 5c4bec088a589a7fc2d95ed2631b6c3b- http://security.debian.org/dists/stable/updates/main/binary-alpha/zlib1g-dev_1.1.3-5.1_alpha.deb
MD5 checksum: 21cbcdb89af9bfad1d67e32250092252- http://security.debian.org/dists/stable/updates/main/binary-alpha/zlib1g_1.1.3-5.1_alpha.deb
MD5 checksum: eda30505a1272966bb38efe8a866355f - http://security.debian.org/dists/stable/updates/main/binary-alpha/dict_1.4.9-9potato1_alpha.deb
- ARM: Fixed erlang and freeamp packages are not yet available
- http://security.debian.org/dists/stable/updates/main/binary-arm/amaya_2.4-1potato1_arm.deb
MD5 checksum: 98366f4267c4d33a750ef54555f510e6- http://security.debian.org/dists/stable/updates/main/binary-arm/dict_1.4.9-9potato1_arm.deb
MD5 checksum: 18f41595d4f1fb35479d37b57c54e539- http://security.debian.org/dists/stable/updates/main/binary-arm/dictd_1.4.9-9potato1_arm.deb
MD5 checksum: edaa15b32639ba25fcfa093fdd8639da- http://security.debian.org/dists/stable/updates/main/binary-arm/mirrordir_0.10.48-2.1_arm.deb
MD5 checksum: 12a1fdb998a2b99909c5f64326c517c8- http://security.debian.org/dists/stable/updates/main/binary-arm/ppp_2.3.11-1.5_arm.deb
MD5 checksum: 2143bc17f7f3627cf2ac76a886ee83b9- http://security.debian.org/dists/stable/updates/main/binary-arm/rsync_2.3.2-1.6_arm.deb
MD5 checksum: df6bf519af26c155b059a1d72e237be5- http://security.debian.org/dists/stable/updates/main/binary-arm/vrweb_1.5-5.1_arm.deb
MD5 checksum: c368b4b16739004d1da8d99d616a53af- http://security.debian.org/dists/stable/updates/main/binary-arm/zlib-bin_1.1.3-5.1_arm.deb
MD5 checksum: f32088581e8ca649264f5ead2b8ff662- http://security.debian.org/dists/stable/updates/main/binary-arm/zlib1g-dev_1.1.3-5.1_arm.deb
MD5 checksum: b39746f9b8f5d0a1689de2ae3c87c067- http://security.debian.org/dists/stable/updates/main/binary-arm/zlib1g_1.1.3-5.1_arm.deb
MD5 checksum: e65571a96e96e55d83030e6f8ea62646 - http://security.debian.org/dists/stable/updates/main/binary-arm/dict_1.4.9-9potato1_arm.deb
- Intel ia32:
- http://security.debian.org/dists/stable/updates/main/binary-i386/amaya_2.4-1potato1_i386.deb
MD5 checksum: 9edc31d21f777409a4e836eac02edaf7- http://security.debian.org/dists/stable/updates/main/binary-i386/dict_1.4.9-9potato1_i386.deb
MD5 checksum: 1ef7ecdd761ae384185ce519a3a6e723- http://security.debian.org/dists/stable/updates/main/binary-i386/dictd_1.4.9-9potato1_i386.deb
MD5 checksum: ff61f3719b33c0c839f3447f72066d78- http://security.debian.org/dists/stable/updates/main/binary-i386/erlang_49.1-10.1_i386.deb
MD5 checksum: d933a67f85b37f5b91b60bb7052ba443- http://security.debian.org/dists/stable/updates/main/binary-i386/freeamp_2.0.6-2.1_i386.deb
MD5 checksum: 0e60fd65d7c36c8fb2dc2dda5ae78ce7- http://security.debian.org/dists/stable/updates/main/binary-i386/libfreeamp-alsa_2.0.6-2.1_i386.deb
MD5 checksum: 05508140d8b28de7a9677b442b034ca2- http://security.debian.org/dists/stable/updates/main/binary-i386/libfreeamp-esound_2.0.6-2.1_i386.deb
MD5 checksum: 540e4bca658ab95e92b232cba362a0e8- http://security.debian.org/dists/stable/updates/main/binary-i386/mirrordir_0.10.48-2.1_i386.deb
MD5 checksum: fd0d7ceb5fa949455b87b3beec7809d8- http://security.debian.org/dists/stable/updates/main/binary-i386/ppp_2.3.11-1.5_i386.deb
MD5 checksum: aab4d275165c490a7a153c080d26c232- http://security.debian.org/dists/stable/updates/main/binary-i386/rsync_2.3.2-1.6_i386.deb
MD5 checksum: dbb3fd68442fc31cd474f73feb6e69cd- http://security.debian.org/dists/stable/updates/main/binary-i386/vrweb_1.5-5.1_i386.deb
MD5 checksum: 38b6552e9531c4082e0e26b7b309a1bc- http://security.debian.org/dists/stable/updates/main/binary-i386/zlib-bin_1.1.3-5.1_i386.deb
MD5 checksum: 3b7a51b2f7920fbbdc41d0385d633277- http://security.debian.org/dists/stable/updates/main/binary-i386/zlib1-altdev_1.1.3-5.1_i386.deb
MD5 checksum: ad125010b4fe3fd81450df3d9a4f4495- http://security.debian.org/dists/stable/updates/main/binary-i386/zlib1_1.1.3-5.1_i386.deb
MD5 checksum: a22ed0933265d6fc60e088e7b9fac767- http://security.debian.org/dists/stable/updates/main/binary-i386/zlib1g-dev_1.1.3-5.1_i386.deb
MD5 checksum: 4bd5ee2a61508ad5a65c1f2cfdc999d1- http://security.debian.org/dists/stable/updates/main/binary-i386/zlib1g_1.1.3-5.1_i386.deb
MD5 checksum: fe990607608285642f4f5a8834a43515 - http://security.debian.org/dists/stable/updates/main/binary-i386/dict_1.4.9-9potato1_i386.deb
- Motorola 680x0: Fixed amaya, erlang, and freeamp packages are not yet available
- http://security.debian.org/dists/stable/updates/main/binary-m68k/dict_1.4.9-9potato1_m68k.deb
MD5 checksum: 53f263726d3ac8cdf9871f2afa1404e1- http://security.debian.org/dists/stable/updates/main/binary-m68k/dictd_1.4.9-9potato1_m68k.deb
MD5 checksum: 5deebe594adb9c3fce05340aab13a93b- http://security.debian.org/dists/stable/updates/main/binary-m68k/mirrordir_0.10.48-2.1_m68k.deb
MD5 checksum: f5f484a482df62b25c6672b0e6a36840- http://security.debian.org/dists/stable/updates/main/binary-m68k/ppp_2.3.11-1.5_m68k.deb
MD5 checksum: 41f54ba14ecaeb73b3e67f47fc4b449c- http://security.debian.org/dists/stable/updates/main/binary-m68k/rsync_2.3.2-1.6_m68k.deb
MD5 checksum: 6ddd7d495dddb8adab5f1ce2cb89cf46- http://security.debian.org/dists/stable/updates/main/binary-m68k/zlib-bin_1.1.3-5.1_m68k.deb
MD5 checksum: ed20e21e130998cdd9c3067c60a85284- http://security.debian.org/dists/stable/updates/main/binary-m68k/zlib1-altdev_1.1.3-5.1_m68k.deb
MD5 checksum: 32f000160aaf7aeffe679340499a077d- http://security.debian.org/dists/stable/updates/main/binary-m68k/zlib1_1.1.3-5.1_m68k.deb
MD5 checksum: 8d5a20517f70e9e320effdbb94960d30- http://security.debian.org/dists/stable/updates/main/binary-m68k/zlib1g-dev_1.1.3-5.1_m68k.deb
MD5 checksum: 0138affc09403329102cb2ac8c1e3233- http://security.debian.org/dists/stable/updates/main/binary-m68k/zlib1g_1.1.3-5.1_m68k.deb
MD5 checksum: f793784742e28455c638c5f222ad35ec - http://security.debian.org/dists/stable/updates/main/binary-m68k/dictd_1.4.9-9potato1_m68k.deb
- PowerPC:
- http://security.debian.org/dists/stable/updates/main/binary-powerpc/amaya_2.4-1potato1_powerpc.deb
MD5 checksum: 635468964d16fedf4adf2bc82ffb2487- http://security.debian.org/dists/stable/updates/main/binary-powerpc/dict_1.4.9-9potato1_powerpc.deb
MD5 checksum: 180c1116e2ab5cc253ccdd904c895a1c- http://security.debian.org/dists/stable/updates/main/binary-powerpc/dictd_1.4.9-9potato1_powerpc.deb
MD5 checksum: bb8952f706da3a6220edfa1a2517b427- http://security.debian.org/dists/stable/updates/main/binary-powerpc/erlang_49.1-10.1_powerpc.deb
- http://security.debian.org/dists/stable/updates/main/binary-powerpc/freeamp_2.0.6-2.1_powerpc.deb
MD5 checksum: 1c9bfdbda16f812b5710489f69ed769b- http://security.debian.org/dists/stable/updates/main/binary-powerpc/libfreeamp-alsa_2.0.6-2.1_powerpc.deb
MD5 checksum: 4a98275c96c880f922cc141660fe31a6- http://security.debian.org/dists/stable/updates/main/binary-powerpc/libfreeamp-esound_2.0.6-2.1_powerpc.deb
MD5 checksum: 43ae8f7d469b2d68c04f10ed4fedd09c- http://security.debian.org/dists/stable/updates/main/binary-powerpc/ppp_2.3.11-1.5_powerpc.deb
MD5 checksum: a2f66003d6dbb68d4a45b82bfde535ba- http://security.debian.org/dists/stable/updates/main/binary-powerpc/rsync_2.3.2-1.6_powerpc.deb
MD5 checksum: 208ee03e22c774110e6c1ce8058cb6ff- http://security.debian.org/dists/stable/updates/main/binary-powerpc/vrweb_1.5-5.1_powerpc.deb
MD5 checksum: 9a99930387c2a4e113d72b1e98a0f22d- http://security.debian.org/dists/stable/updates/main/binary-powerpc/zlib-bin_1.1.3-5.1_powerpc.deb
MD5 checksum: 42b2797840af971b1539804f24961f9b- http://security.debian.org/dists/stable/updates/main/binary-powerpc/zlib1g-dev_1.1.3-5.1_powerpc.deb
MD5 checksum: 1418015984f8eae6900c14aea7e34e27- http://security.debian.org/dists/stable/updates/main/binary-powerpc/zlib1g_1.1.3-5.1_powerpc.deb
MD5 checksum: f3d4c6e5ac91121cc1788ad2918be87b - http://security.debian.org/dists/stable/updates/main/binary-powerpc/dict_1.4.9-9potato1_powerpc.deb
- Sun Sparc: Fixed erlang packages are not yet available
- http://security.debian.org/dists/stable/updates/main/binary-sparc/amaya_2.4-1potato1_sparc.deb
MD5 checksum: 66daff720b4842ba2ffa189cb3ec71e1- http://security.debian.org/dists/stable/updates/main/binary-sparc/dict_1.4.9-9potato1_sparc.deb
MD5 checksum: f21c262fc6ce524e4fa8890e9df664df- http://security.debian.org/dists/stable/updates/main/binary-sparc/dictd_1.4.9-9potato1_sparc.deb
MD5 checksum: 50e092399da866eb963a5d1d8334231e- http://security.debian.org/dists/stable/updates/main/binary-sparc/freeamp_2.0.6-2.1_sparc.deb
MD5 checksum: 5d98e0b0fddfca6f7dd3419845dc0716- http://security.debian.org/dists/stable/updates/main/binary-sparc/libfreeamp-alsa_2.0.6-2.1_sparc.deb
MD5 checksum: 9a9aae3e2675ceb57ea72f4fb97ee15f- http://security.debian.org/dists/stable/updates/main/binary-sparc/libfreeamp-esound_2.0.6-2.1_sparc.deb
MD5 checksum: c866d84dcb7bdbf15c5f6fc248763a7c- http://security.debian.org/dists/stable/updates/main/binary-sparc/mirrordir_0.10.48-2.1_sparc.deb
MD5 checksum: d8244127cddcef161e8897d97e01c412- http://security.debian.org/dists/stable/updates/main/binary-sparc/ppp_2.3.11-1.5_sparc.deb
MD5 checksum: 9e6908bc41505b6b9c52181106656295- http://security.debian.org/dists/stable/updates/main/binary-sparc/rsync_2.3.2-1.6_sparc.deb
MD5 checksum: 042eb6d05e0cc945b58f5016dbebb0b9- http://security.debian.org/dists/stable/updates/main/binary-sparc/vrweb_1.5-5.1_sparc.deb
MD5 checksum: 5f05c34d1a08204fe7112f2968cf092e- http://security.debian.org/dists/stable/updates/main/binary-sparc/zlib-bin_1.1.3-5.1_sparc.deb
MD5 checksum: adb48a5e589c83b0f0bcb362b6ae9121- http://security.debian.org/dists/stable/updates/main/binary-sparc/zlib1g-dev_1.1.3-5.1_sparc.deb
MD5 checksum: 23fda7fd35dddb0d6e57a4042b86c727- http://security.debian.org/dists/stable/updates/main/binary-sparc/zlib1g_1.1.3-5.1_sparc.deb
MD5 checksum: 6e1acae215a1e1073184936958f07d31 - http://security.debian.org/dists/stable/updates/main/binary-sparc/dict_1.4.9-9potato1_sparc.deb
MD5-kontrollsummor för dessa filer finns i originalbulletinen.